fix: import error for weave sanitize

[willkill07]

Description

When we upgraded weave to a newer version, we forgot to update the API for the sanitize logic.

This PR:

• corrects the import
• uses the new API for adding redaction keys

Closes nvbugs-5564010

By Submitting this PR I confirm:

• I am familiar with the Contributing Guidelines.
• We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
  • Any contribution which contains commits that are not Signed-Off will not be accepted.
• When the PR is ready for review, new or existing tests cover these changes.
• When the PR is ready for review, the documentation is up to date with these changes.

Summary by CodeRabbit

• Bug Fixes
  • Improves reliability of sensitive data redaction when custom keys are configured, ensuring consistent and predictable masking across traces and sessions.
  • Prevents unintended side effects from global redaction settings, reducing risk of over- or under-redaction in mixed workloads.
  • Enhances stability in environments with multiple plugins or concurrent runs.
  • Backwards compatible: existing redaction settings continue to work without user changes.

[coderabbitai]

Walkthrough

Updates redact key handling: switches from mutating weave.trace.REDACT_KEYS with a combined list to invoking weave.utils.sanitize.add_redact_key for each configured key when redact_pii and redact_keys are set. No public API signatures changed.

Changes

Cohort / File(s)	Summary of Changes
Weave PII redaction integration packages/nvidia_nat_weave/src/nat/plugins/weave/register.py	Replaced global REDACT_KEYS list mutation with per-key calls to weave.utils.sanitize.add_redact_key(key) while iterating config.redact_keys. Control flow remains the same; only the mechanism for extending redact keys changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly and accurately describes the core change, uses an imperative verb form, and stays well within the recommended character limit, making it both clear and appropriately formatted.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/nvidia_nat_weave/src/nat/plugins/weave/register.py (1)

42-43: Add return type hint and docstring.

The function is missing:

1. A return type hint (required per coding guidelines for public APIs)
2. A Google-style docstring (required per coding guidelines)

Since this is an async generator function (uses yield), add the return type hint:

+from collections.abc import AsyncIterator
+
 @register_telemetry_exporter(config_type=WeaveTelemetryExporter)
-async def weave_telemetry_exporter(config: WeaveTelemetryExporter, builder: Builder):
+async def weave_telemetry_exporter(config: WeaveTelemetryExporter, builder: Builder) -> AsyncIterator[WeaveExporter]:
+    """Initialize and yield a Weave telemetry exporter.
+
+    Args:
+        config: Configuration for the Weave telemetry exporter.
+        builder: Builder instance for accessing shared resources.
+
+    Yields:
+        WeaveExporter: Configured Weave exporter instance.
+    """
     import weave

As per coding guidelines.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 21f2e30 and 31f9873.

📒 Files selected for processing (1)

• packages/nvidia_nat_weave/src/nat/plugins/weave/register.py (1 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{py,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/nat-test-llm.mdc)

**/*.{py,yaml,yml}: Configure response_seq as a list of strings; values cycle per call, and [] yields an empty string.
Configure delay_ms to inject per-call artificial latency in milliseconds for nat_test_llm.

Files:

• packages/nvidia_nat_weave/src/nat/plugins/weave/register.py

**/*.py

📄 CodeRabbit inference engine (.cursor/rules/nat-test-llm.mdc)

**/*.py: Programmatic use: create TestLLMConfig(response_seq=[...], delay_ms=...), add with builder.add_llm("", cfg).
When retrieving the test LLM wrapper, use builder.get_llm(name, wrapper_type=LLMFrameworkEnum.) and call the framework’s method (e.g., ainvoke, achat, call).

**/*.py: In code comments/identifiers use NAT abbreviations as specified: nat for API namespace/CLI, nvidia-nat for package name, NAT for env var prefixes; do not use these abbreviations in documentation
Follow PEP 20 and PEP 8; run yapf with column_limit=120; use 4-space indentation; end files with a single trailing newline
Run ruff check --fix as linter (not formatter) using pyproject.toml config; fix warnings unless explicitly ignored
Respect naming: snake_case for functions/variables, PascalCase for classes, UPPER_CASE for constants
Treat pyright warnings as errors during development
Exception handling: use bare raise to re-raise; log with logger.error() when re-raising to avoid duplicate stack traces; use logger.exception() when catching without re-raising
Provide Google-style docstrings for every public module, class, function, and CLI command; first line concise and ending with a period; surround code entities with backticks
Validate and sanitize all user input, especially in web or CLI interfaces
Prefer httpx with SSL verification enabled by default and follow OWASP Top-10 recommendations
Use async/await for I/O-bound work; profile CPU-heavy paths with cProfile or mprof before optimizing; cache expensive computations with functools.lru_cache or external cache; leverage NumPy vectorized operations when beneficial

Files:

• packages/nvidia_nat_weave/src/nat/plugins/weave/register.py

packages/*/src/**/*.py

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

Importable Python code inside packages must live under packages//src/

Files:

• packages/nvidia_nat_weave/src/nat/plugins/weave/register.py

{src/**/*.py,packages/*/src/**/*.py}

📄 CodeRabbit inference engine (.cursor/rules/general.mdc)

All public APIs must have Python 3.11+ type hints on parameters and return values; prefer typing/collections.abc abstractions; use typing.Annotated when useful

Files:

• packages/nvidia_nat_weave/src/nat/plugins/weave/register.py

**/*

⚙️ CodeRabbit configuration file

**/*: # Code Review Instructions

• Ensure the code follows best practices and coding standards. - For Python code, follow
  PEP 20 and
  PEP 8 for style guidelines.
• Check for security vulnerabilities and potential issues. - Python methods should use type hints for all parameters and return values.
  Example:

  def my_function(param1: int, param2: str) -> bool:
      pass

• For Python exception handling, ensure proper stack trace preservation:
  • When re-raising exceptions: use bare raise statements to maintain the original stack trace,
    and use logger.error() (not logger.exception()) to avoid duplicate stack trace output.
  • When catching and logging exceptions without re-raising: always use logger.exception()
    to capture the full stack trace information.

Documentation Review Instructions - Verify that documentation and comments are clear and comprehensive. - Verify that the documentation doesn't contain any TODOs, FIXMEs or placeholder text like "lorem ipsum". - Verify that the documentation doesn't contain any offensive or outdated terms. - Verify that documentation and comments are free of spelling mistakes, ensure the documentation doesn't contain any

words listed in the ci/vale/styles/config/vocabularies/nat/reject.txt file, words that might appear to be
spelling mistakes but are listed in the ci/vale/styles/config/vocabularies/nat/accept.txt file are OK.

Misc. - All code (except .mdc files that contain Cursor rules) should be licensed under the Apache License 2.0,

and should contain an Apache License 2.0 header comment at the top of each file.

• Confirm that copyright years are up-to date whenever a file is changed.

Files:

• packages/nvidia_nat_weave/src/nat/plugins/weave/register.py

packages/**/*

⚙️ CodeRabbit configuration file

packages/**/*: - This directory contains optional plugin packages for the toolkit, each should contain a pyproject.toml file. - The pyproject.toml file should declare a dependency on nvidia-nat or another package with a name starting
with nvidia-nat-. This dependency should be declared using ~=<version>, and the version should be a two
digit version (ex: ~=1.0).

• Not all packages contain Python code, if they do they should also contain their own set of tests, in a
  tests/ directory at the same level as the pyproject.toml file.

Files:

• packages/nvidia_nat_weave/src/nat/plugins/weave/register.py

🔇 Additional comments (2)

packages/nvidia_nat_weave/src/nat/plugins/weave/register.py (2)

1-14: LGTM! License header is correct.

The Apache 2.0 license header is properly formatted with the current copyright year.

---

27-39: LGTM! Well-documented configuration class.

The configuration class has proper type hints and clear field descriptions.

[willkill07]

/merge